In many different applications, users have to be authenticated. For example, when a user accesses online banking services, they will need to perform some form of authentication using a password and possibly other authentication processes to access the online banking service. In providing access to data storage systems, it is also common to authenticate users who which to access and/or change information that is stored by the storage system. It is also common to have different levels of authentication, with so-called step-up authentication being used if the user wishes to undertake a specific task during their user session. For example, in the case of an online banking service, the transfer of money above a certain level may well require the user to entire further secure information to authenticate the particular transaction. In the case of the data storage system, the ability to delete files may require a higher level of authorization for the current user session.
This concept of step-up authentication is applied to situations where elevated authority is required during a user session, perhaps for a limited period of time. For example, a user may elevate their session privilege from the command line by authenticating with sudo. The same user may then intentionally reduce the level of authority associated with their session once the elevated task has been completed. However, the decision to reduce the user's level of authority is taken by the user themselves.